Once systems become exploited, a PowerShell script is triggered and a JPEG file titled ‘DSC0002.jped is downloaded onto the Microsoft OneDrive account. “When opening the lure document in presentation mode and the victim hovers the mouse over a hyperlink, a malicious PowerShell script is activated,” – Security researcher at Cluster25. Instead, all they need to do is hover their mouse over the malicious hyperlink. This means that recipients even don't need to click on the link or download anything for the malware to take effect. The cybergang - which is understood to be working with Russian intelligence services - has been utilizing a new code execution technique that responds to the mouse movement of users. Russian hacking group, Fancy Bear, has been found guilty of using the decoy Microsoft PowerPoint to deploy malware, according to researchers from cybersecurity firm, Cluster25. New Mouseover Technique is Being Used to Deliver Malware Otherwise known as APT28, the Fancy Bear hacking group has been causing havoc in cyberspace for some time, but the development of this new mouseover technique is a reminder of how sophisticated malware operations are becoming. Worryingly, all recipients need to do to fall victim to the attack is hover their mouse over the link. The bad actors, who have been posing as the Organization for Economic Co-Operation and Development, have been distributing malwareto government sectors in the European Union via decoy Microsoft PowerPoint documents.
It turns out that no member of the Microsoft Office family is safe, with cyber researchers recently exposing the Russian hacking group, Fancy Bear, for exploiting PowerPoint vulnerabilities to deliver targeted malware.
0 kommentar(er)
